IPv6
Assoc. Prof. Anan Phonphoem, Ph.D.
[email protected]
http://www.cpe.ku.ac.th/~anan
Computer Engineering Department
Kasetsart University, Bangkok, Thailand
Mar 2018
Outline
IP Address Management
Rationale for IPv6
IPv6 Addresses
IP Address Management
Abbreviation: Full Name
ICANN: Internet Corporation for Assigned Names and Numbers
IANA: Internet Assigned Numbers Authority
• a department of ICANN
• responsible for allocation of globally unique names and numbers
RIR: Regional Internet Registries
APNIC: Asia Pacific Network Information Center
ARIN: American Registry for Internet Numbers
RIPE NCC: Réseaux IP Européens Network Coordination Centre
• Europe, Middle East and parts of Central Asia
RIR World Map
http://en.wikipedia.org/wiki/IPv4_address_exhaustion
The early years: 1981 – 1992
IANA: Internet Assigned Numbers Authority
Global Routing Table: ’88 - ’92
[Chart: vertical axis 0 to 9000; horizontal axis Jul-88 to Jul-92]
Global Routing Table: ’88 - ’92
[Chart: vertical axis 0 to 100000; horizontal axis Jan-89 to Jan-96]
Where do IP addresses come from?
The boom years: 1992 – 2001
“It has become clear that … these problems are likely to become critical within the next one to three years.” (RFC1366)
“…it is [now] desirable to consider delegating the registration function to an organization in each of those geographic areas.” (RFC 1338)
1992:
APNIC: Asia Pacific Network Info Center
ARIN: American Registry for Internet Numbers
RIPE: Europe
Global routing table
http://bgp.potaroo.net/as1221/bgp-active.html
[Chart annotations: CIDR deployment; “Dot-Com” boom; Projected routing table growth without CIDR; Sustainable growth?]
Recent years: 2002 – 2005
2004:
Establishment of the Number Resource Organization
Growth of the BGP Table 1994 to 2013
http://bgp.potaroo.net/
Note: Routing Information Base (RIB), also known as IP Routing Table
Forwarding Information Base (FIB), also known as IP forwarding table
Rationale for IPv6
Future of the Internet
What is wrong with IPv4 ?
Internet growth
New applications – Real time app
Network Changes
Need for corporations
IPv4 Exhaustion
“Early this morning, the Asia Pacific Network Information Centre (APNIC) announced that it had been allocated two /8 address blocks from the Internet Assigned Numbers Authority (IANA). Those two blocks, 39/8 and 106/8, were the last unallocated blocks in the IANA free pool of IPv4 address available to Regional Internet Registries (RIR). With the allocation, the final days of IPv4 have moved closer as the number of available addresses that can be allocated will dwindle.”
Last of the IPv4 Addresses Allocated
By Sean Michael Kerner | Feb 1, 2011
http://www.enterprisenetworkingplanet.com/news/article.php/3923031/Last-of-the-IPv4-Addresses-Allocated.htm
IPv4 assignment
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IPv4 Resource Allocations Date: 11 Dec 2013
AFRINIC 3%
APNIC 20%
ARIN 40%
RIPE NCC 18%
LACNIC 5%
IANA 14%
http://bgp.potaroo.net/iso3166/v4cc.html
IPv6 Vision
Internet for 10 Billion nodes
Always-on Identity Auto-Configure
Mobile Always-on Security
privacy
Rationale for IPv6
IPv4 address space consumption
Now ~10 years free space remaining
Unused addresses reclaimed
projection reality depleted!
Loss of “end to end” connectivity
Widespread use of NAT due to ISP policies and marketing
Additional complexity and performance degradation
The NAT
[Diagram labels: hosts 10.0.0.1 ..2 ..3 ..4; NAT* 61.100.32.128; R 61.100.32.0/25 with hosts 61.100.32.1 ..2 ..3 ..4; ISP 61.100.0.0/16; The Internet]
*AKA (also known as) home router, ICS, firewall
The NAT “Problem”
[Diagram labels: Internet; 10.0.0.1; 61.100.32.128; NAT; Phone Network; 10 4567 9876; PABX; ? Extn 10]
NAT implications
Breaks end-to-end network model
• Some applications cannot work through NATs
• Breaks end-end security (IPsec)
Requires application-level gateway (ALG)
• When a new application is not NAT-aware, the ALG device must be upgraded
• ALGs are slow and do not scale
Merging of separate private networks is difficult
• Due to address clashes
See RFC2993 Architectural Implications of NAT
IPv6 Deployment
# of IPv6 prefixes and AS
http://en.wikipedia.org/wiki/IPv6_deployment
Monthly IPv6 allocations per RIR
http://en.wikipedia.org/wiki/IPv6_deployment
IPv6 Users by Country
Date: 11 Dec 2013
http://bgp.potaroo.net/iso3166/v6dcc.html
Index  ISO-3166 Code  Internet Users  V6 Use ratio  V6 Users (Est)  Population     Country
1      CH             6,544,418       12.48%        816,867         7,681,242      Switzerland
2      RO             9,710,357       11.16%        1,083,365       22,058,968     Romania
3      LU             470,292         10.12%        47,607          517,430        Luxembourg
4      DE             68,153,649      6.86%         4,677,521       82,112,831     Germany
5      BE             8,152,741       6.30%         513,802         10,452,233     Belgium
6      JP             99,409,750      5.98%         5,949,484       125,755,535    Japan
7      US             249,622,663     5.89%         14,697,957      320,604,500    United States of America
8      EU             -               5.82%         -               -              European Union
9      PE             11,208,101      5.61%         629,291         31,133,616     Peru
10     FR             51,908,383      5.41%         2,809,229       65,227,926     France
11     SG             3,436,691       3.90%         133,939         4,840,411      Singapore
12     FJ             280,841         3.46%         9,726           1,003,005      Fiji
13     CZ             7,415,962       2.45%         181,599         10,163,030     Czech Republic
14     NO             4,444,303       1.87%         83,211          4,729,492      Norway
15     CN             518,047,719     1.50%         7,776,569       1,352,605,013  China
16     HK             5,203,449       1.46%         75,778          7,206,994      Hong Kong
17     TW             16,697,956      1.33%         221,294         23,191,606     Taiwan
24     MY             16,892,749      0.77%         129,788         27,693,032     Malaysia
29     CA             28,793,186      0.40%         115,063         34,690,586     Canada
41     TH             16,063,362      0.21%         33,615          67,777,901     Thailand
Features of IPv6
IPv6 feature summary
Increased size of address space
Header simplification
Extended Address Hierarchy
Auto-configuration / Renumbering
QoS (Integrated/Differentiated services)
IPSec (As for IPv4)
IPv6 addressing model
Unicast
Single interface
Anycast
Any one of several
Multicast
All of a group of interfaces
Replaces IPv4 “broadcast”
See RFC 3513
Anycast
Assigned to more than one interface
Nodes must know that the address is an anycast address
Addresses are from the unicast address space
In a region, where anycast is used, each member must have its own entry in the routing table
Note: now used only for (identify) routers
IPv4 vs IPv6
IPv4: 32 bits
• 2^32 addresses = 4,294,967,296 addresses = 4 billion addresses
IPv6: 128 bits
• 2^128 addresses? = 340,282,366,920,938,463,463,374,607,431,770,000,000 = 340 billion billion billion billion addresses?
• No, due to IPv6 address structure…
IPv6 header
IPv6 header is simpler than IPv4
• IPv4: 14 fields, variable length (20 bytes +)
• IPv6: 8 fields, fixed length (40 bytes)
Header fields eliminated in IPv6
• Header Length
• Identification
• Flag
• Fragmentation Offset
• Checksum
Header fields enhanced in IPv6
• Traffic Class
• Flow Label
IPv6 transition
Dual stack hosts
Two TCP/IP stacks co-exist on one host
Supporting IPv4 and IPv6
Client uses whichever protocol it wishes
IPv6 transition
[Diagram labels: www.apnic.net reached over IPv4 or IPv6 (??); host stack: Application, TCP/UDP, IPv4 and IPv6, Link]
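IPv6 transition
IPv6 tunnel over IPv4
[Diagram: two IPv6 networks joined by a tunnel across an IPv4 network. Before the tunnel: IPv6 Header | Data. Inside the tunnel: IPv4 Header | IPv6 Header | Data. After the tunnel: IPv6 Header | Data]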
IPv6 Addressing
Address Structure
Prefix Type
Provider-Based Unicast Address
Type ID Registry ID
Address Hierarchy
IPv6 address format
8 groups of 4 hexadecimal digits
Each group represents 16 bits
Separator is “:”
Case-independent
2001:0DA8:E800:0000:0000:0000:0000:0001
2001:0DA8:E800:0000:0260:3EFF:FE47:0001
IPv6 address format
2001:0DA8:E800:0000:0000:0000:0000:0001 → 2001:DA8:E800::1
2001:0DA8:E800:0000:0260:3EFF:FE47:0001 → 2001:DA8:E800:0:260:3EFF:FE47:1
Special Address
Unspecified address
0:0:0:0:0:0:0:0 (::)
Source address (when own address is unknown)
Loopback address
0:0:0:0:0:0:0:1 (::1)
For testing
Datagram is delivered to local machine
Special Address
Transition IPv4 → IPv6
2 Formats
Compatible Address
(v6host → v4net → v6host)
Mapped Address
(v6host → v6net → v4host)
Compatible Address
(v6host → v4net → v6host)
Mapped Address
(v6host → v6net → v4host)
Local Address:
Site Local Address
Scope of an entire site (organization)
No public prefix required
Allow addressing within an organization
Not forwarded outside (public Internet)
Similar to Private IPv4
Prefix FEC0::/10
Note: Start address with FExx:
Local Address:
Link Local Address
Note: Start address with FExx:
Smaller scope than Site Local Address
Refers only to a particular physical link
Routers will not forward datagrams using a Link Local Address at all, not even within the organization
IPv6 Neighbor Discovery (ND)
Prefix FE80::/10
Multicast Address
Note: Start address with FFxx:
Multicast
Multicast (and Anycast) built in from the Beginning
Scope more well-defined – 4 bit integer
Doesn’t influence well-defined groups
Value  Scope
0      Reserved
1      Node Local
2      Link Local
5      Site Local
8      Organization Local
E      Global Local
F      Reserved
Multicast
A Few Well-Defined Groups
Note all begin with ff, the multicast addresses
Much of IGMP is from IPv4, but is in ICMP now
Value Scope
FF02::0 Reserved
FF02::1 All Nodes Address
FF02::2 All Routers Address
FF02::4 DVMRP Routers
FF02::5 OSPF
FF02::6 OSPF Designated Routers
FF02::9 RIP Routers
FF02::D All PIM Routers
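The address classes on the preceding slides (special, transition, local, multicast), decided from prefix bits rather than from how the text form starts. This is an added example, not part of the original slides; the function name `classify` and its return strings are assumptions, and scope E is given its RFC 4291 name.

```python
import ipaddress

# Scope nibble values from the slide; 0xE carries its RFC 4291 name.
SCOPES = {0x0: "Reserved", 0x1: "Node Local", 0x2: "Link Local",
          0x5: "Site Local", 0x8: "Organization Local", 0xE: "Global",
          0xF: "Reserved"}

def classify(text: str) -> str:
    """Name the address class (hypothetical helper, labels chosen here)."""
    raw = ipaddress.IPv6Address(text).packed      # 16 octets, network order
    if raw == bytes(16):
        return "unspecified"
    if raw == bytes(15) + b"\x01":
        return "loopback"
    if raw[:10] == bytes(10) and raw[10:12] == b"\xff\xff":
        return f"IPv4-mapped {ipaddress.IPv4Address(raw[12:])}"
    if raw[:12] == bytes(12):
        return f"IPv4-compatible {ipaddress.IPv4Address(raw[12:])}"
    if raw[0] == 0xFF:                            # FFxx: multicast
        scope = raw[1] & 0x0F                     # low nibble of second octet
        return f"multicast scope={SCOPES.get(scope, 'unassigned')}"
    top10 = (raw[0] << 2) | (raw[1] >> 6)         # a /10 covers 10 bits only
    if top10 == 0xFE80 >> 6:
        return "link-local"                       # FE80 through FEBF
    if top10 == 0xFEC0 >> 6:
        return "site-local"                       # FEC0 through FEFF
    return "other unicast"

# Constructed sample inputs, built from addresses that appear on the slides.
SAMPLES = ["::", "::1", "::ffff:61.100.32.128", "::10.0.0.1",
           "FF02::2", "FF05::2", "febf::1", "fec0::1", "2001:DA8:E800::1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:24} {classify(s)}")
```

An ACL or log filter that matches the literal text "fe80" misses link-local addresses such as febf::1, which is why the check is done on the first 10 bits.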
Obtain IP Address
Router Adv.
Prefix 4C00::/80 + Link Address 00:A0:C9:1E:A5:B6 = IPv6 Address 4C00::00A0:C9:1E:A5:B6
Obtain IP Address
DHCP server
DHCP Request: 00:A0:C9:1E:A5:B6
DHCP Response: 4c00::00:A0:C9:1E:A5:B6
Packet Format
Structure of IPv6 Datagram
Base Header is fixed
40 Octets long
Options are in an extension header
Several extension headers
IPv6 Header
Basic Headers
http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html
Basic Headers (Fields)
Version (4 bits) – only field to keep same position & name
Class (8 bits) – new field
Flow Label (20 bits) – new field
Payload Length (16 bits) – length of data, slightly different from total length
Next Header (8 bits) – type of the next header, new idea
Hop Limit (8 bits) – was time-to-live, renamed
Source address (128 bits)
Destination address (128 bits)
Header Simplification
Fixed length of all fields, not like old options field
Remove Header Checksum – rely on checksums at other layers
No hop-by-hop fragmentation – fragment offset irrelevant – MTU discovery
Add extension headers – next header type (sort of a protocol type, or replacement for options)
Basic Principle: Routers along the way should do minimal processing
Extension Headers
How do we know whether or not we have an upper layer header, or an extension header?
Both are combined into header types
Header Types
Look in packet for Next Header
Can be Extension Header
Can be something like ICMP, TCP, UDP, or other normal types
Header Type (Next Header)
Value  Abbreviation  Type
0      HBH           Hop-by-Hop Options Header
6      TCP           Transmission Control Protocol
17     UDP           User Datagram Protocol
43     RH            Routing Header
44     FH            Fragmentation Header
45     IDRP          Inter-Domain Routing Protocol
51     AH            Authentication Header
52     ESP           Encrypted Security Payload
59     Null          No Next Header
Extension Headers Types
1. Routing Header (RH-43)
2. Fragmentation Header (FH-44)
3. Hop-by-Hop Options Header (HBH-0)
4. Destinations Options Header (60)
5. Authentication Header (AH-51)
6. Encrypted Security Payload Header (ESP-52)
Base Header Extensions TCP/UDP Data
Extension Headers: 1. Routing Header (RH-43)
[Diagram: base header (Version | Traffic class | Flow Label; Payload Length | Next Hdr: 43 | Hop Limit; Source Address; Destination Address) followed by the Routing header (Next Hdr: 6 | Hdr Len | Other fields)]
Extension Headers
General Routing Header
Forwarding IPv6 Packets with the Hop-by-Hop Extension Header
The Hop-by-Hop Extension Header is the ONLY EH that MUST be fully processed by all network devices
http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html
Forwarding IPv6 Packets with the other Extension Headers
Network devices are not required to process any of the other IPv6 extension headers when simply forwarding the traffic
http://www.cisco.com/en/US/technologies/tk648/tk872/technologies_white_paper0900aecd8054d37d.html
Extension Headers: 2. Fragmentation Header (FH-44)
“I thought we don’t fragment?”
Can do at the sending host
Insert fragment headers
Extension Headers
Options Headers in General
The usual next header and length
Any options that might be defined
Extension Headers: 3. Hop-by-Hop Extension Header (HBH-0)
The usual format of an options header
An example is the jumbo packet
Payload length encoded
Can’t be less than 65,535
Can’t be used with fragmentation header
Extension Headers: 4. Destinations Options Header (60)
Act – The Action to take if unknown option
00 – Skip Over
01 – Discard, no ICMP report
10 – Discard, send ICMP report even if multicast
11 – Discard, send ICMP report only if unicast
C – Can change in route
Number is the option number itself
Extension Headers: 5. Authentication Header (AH-51)
Extension Headers: 6. Encryption Header (ESP-52)
Address Chain
Extension Header Order
Hop-by-Hop options Header
Destination options Header (1)
Routing Header
Fragment Header
Authentication Header
Destination Options Header (2)
Upper Layer Header, e.g. TCP, UDP
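How a receiver or a filtering device follows Next Header from the fixed 40-octet base header to the upper-layer header, using the values in the Header Type table above. This is an added example, not from the original slides; `walk_headers`, `build_sample` and the sample datagram are constructed here, and ESP is left out because what follows it is encrypted.

```python
import struct

# Next Header values from the table on this page (60 = Destination Options).
EXTENSION = {0: "HBH", 43: "RH", 44: "FH", 51: "AH", 60: "DOH"}
UPPER = {6: "TCP", 17: "UDP", 59: "No Next Header"}

def walk_headers(pkt: bytes, limit: int = 8):
    """Return (extension headers in order, upper-layer name, its offset)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 datagram")
    nxt, off, chain = pkt[6], 40, []
    while nxt in EXTENSION:
        if len(chain) == limit:            # bound the work per packet
            raise ValueError("extension header chain too long")
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        following, length = pkt[off], pkt[off + 1]
        if nxt == 44:                      # Fragment header is always 8 octets
            size = 8
            frag_off = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
            if frag_off:                   # later fragment: no upper header here
                return chain + ["FH"], "non-first fragment", off + 8
        elif nxt == 51:                    # AH counts 4-octet words, minus 2
            size = (length + 2) * 4
        else:                              # others count 8-octet units, minus 1
            size = (length + 1) * 8
        if off + size > len(pkt):
            raise ValueError("extension header overruns packet")
        chain.append(EXTENSION[nxt])
        off, nxt = off + size, following
    return chain, UPPER.get(nxt, f"protocol {nxt}"), off

def build_sample() -> bytes:
    """Constructed datagram: base header -> HBH -> RH -> 20 zeroed TCP octets."""
    hbh = bytes([43, 0]) + bytes([1, 4, 0, 0, 0, 0])  # PadN option fills 6 octets
    rh = bytes([6, 0, 0, 0]) + bytes(4)               # routing type 0, 0 segments
    payload = hbh + rh + bytes(20)
    base = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64)
    return base + bytes(16) + bytes(15) + b"\x01" + payload  # src ::, dst ::1

if __name__ == "__main__":
    print(walk_headers(build_sample()))
```

A filter that only looks at the base header's Next Header field sees 0 (HBH) for this datagram and never reaches the TCP header at offset 56.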
ICMP
Completely Changed – note new header type
Now includes IGMP
Types organized as follows
1 – 4 Error messages
128 – 129 Ping
130 – 132 Group membership
133 – 137 Neighbor discovery
General Format
ICMP
Type Description
1 Destination Unreachable
2 Packet Too Big
3 Time Exceeded
4 Parameter Problem
128 Echo Request
129 Echo Reply
130 Group Membership Query
131 Group Membership Report
134 Router Advertisement
ICMP
Error Messages (Types 1 – 4): Examples
Destination Unreachable
Code 0 – No route to destination
Code 1 – Can’t get to destination for admin. reasons
Code 2 – Address unreachable
Code 3 – Port Unreachable
Packet Too Big
Code 0, Parameter is set to MTU of next hop
Allows for MTU determination
ICMP General Format
ICMP
Ping
Similar to IPv4
Echo Request, set code to 0
Echo Reply sent back
General Format
Changes from IPv4 to IPv6
Expanded addressing capabilities
Header format simplification
Improved support for extensions and options
Flow labeling capability
Authentication and privacy capabilities
IPv6 Address Structure
IPv6 address structure (128 bits)
[Diagram: row 1 Topological | Interface, boundaries /0, /64, /128; row 2 Infrastructure | Site, boundaries /0, /48, /64; row 3 Infrastructure | ISP Customer, boundaries /0, /32, /48]
• Each site address is /48
• Providing 2^16 = 65,536 subnet addresses
• Current ISP allocation (min) is /32
• Providing 2^16 = 65,536 customer site addresses
• ISP allocation can be larger and can increase
IPv6 – ISP addressing
Every ISP receives a /32 (or more)
Providing 65,536 site addresses (/48)
IPv6 – Site addressing
Every “site” receives a /48
Providing 65,536 /64 (LAN) addresses
IPv6 – LAN addressing
Every LAN segment receives a /64
Providing 2^64 interface addresses per LAN
IPv6 – Device addressing
Every device interface receives a /128
May be EUI-64 (derived from interface MAC address), random number (RFC 3041), autoconfiguration, or manual configuration
References
“Tutorial - IPv6 Address Management” by Paul Wilson, Director General, APNIC
“IPv6 Tutorial/Workshop” by Rick Summerhill, Great Plains Network, and Dale Finkelson, U of Nebraska at Lincoln
“IPv6 21st Century Internet” by IPv6 Forum
“IPv6 Education and Deployment Efforts in Japan” by Takashi Arano, NTT Communications